Microsoft's top lawyer calls for 'digital Geneva Convention'

Government demands becoming too intrusive even for Microsoft

Software giant Microsoft has called for a 'digital Geneva Convention' to protect people and businesses from the online predations of governments, police and security services.

Microsoft chief legal officer Brad Smith made the suggestion in a blog post published at the same time as the RSA Conference this week in San Francisco, California. He put forward the idea of a "Geneva Convention" on cybercrime to police the rules of engagement and set a framework for what constitutes a cyber war-crime.

He goes on to say he believes that companies like Microsoft should be regarded as a "digital Switzerland that assists customers everywhere and retains the world's trust". The Geneva Convention was fleshed out between 1864 and 1949 in order to lay some ground rules to protect non-combatants, including civilians and prisoners of war.

Smith pointed out that, at the moment, a government antagonist is usually met in the first instance by defence from the tech sector, effectively meaning that there is no "digital military", which really ought to be the one responsible for making sure that everyone else's service continues uninterrupted.

Smith added that Microsoft has an extensive war chest to keep services running, headed up by a Cyber Defence Operations Centre. The company also uses legal recourse against offences such as cybersquatting, adding another layer to its arsenal. Even so, this represents only one company's role, as other corporations mount similar counter-responses across both the digital and physical worlds.

"Governments around the world should pursue a broader multilateral agreement that affirms recent cybersecurity norms as global rules," wrote Smith.

He added: "Just as the world's governments came together in 1949 to adopt the Fourth Geneva Convention to protect civilians in times of war, [today] we need a Digital Geneva Convention that will commit governments to implement the norms that have been developed to protect civilians on the internet in times of peace."

Smith highlights potential clauses, such as refraining from attacks on the private sector or critical infrastructure, and from the theft of intellectual property. He added that governments should be proactive in helping the private sector in the event of cyber attacks, rather than leaving everything to it.

He further suggested governments should not be allowed to "stockpile or sell" known vulnerabilities.

Finally, he believes that an independent commission, similar to the war crimes tribunal in The Hague, ought to be set up to regulate governments' offensive cyber activities.